Bill Maher Asked What's on Everyone's Mind Regarding the Trump Assassination Attempt
Why Van Jones' Take on the Republican Convention Should Make Dems Nervous
There's One Dem Biden Is Supremely Irritated With Right Now
Would Jefferson Have Told You What Kind of Horse You Could Buy?
Our Precarious, Flabby Military and a Generation of Unhardy Americans
Man Arrested For Death Threats Against Trump, Vance Ahead of Their First Rally...
GOP Governor Reverses Stance, Endorses Trump
Pollster Nate Silver: 'Unmistakable' Shift In Support for Trump
Joe Biden's National Rent Control Plan Would Be a Very Bad Idea
Democrat Rep. Sheila Jackson Lee Loses Her Battle With Cancer
Biden Co-Chair Chris Coons' Remarks About Biden Staying in the Race Sure Are...
Biden’s NPA-A Announcement Jeopardizes U.S. Energy Security
End Small Business Tax to Make Main Street Great Again
Duty Drawback Example of Corporate Welfare
Joe Biden, American Lemon

Experts:'s 'Fundamental' Data Security Weaknesses 'Alarming'

Of all the shoes waiting to drop on Obamacare over the next year, one of the least-discussed is a damaging data security breach. We've seen a few troubling incidents crop up in various states, and an expert uncovered a major backdoor vulnerability to early on in the process -- but we haven't heard about any large- scale security meltdowns...yet, that is. Obamacare officials say the site recently passed a battery of security tests, but cyber security professionals offered a starkly different assessment to Reuters:


A group of cyber security professionals is warning that the U.S. government has failed to implement fixes to protect the website from hackers, some three months after experts first pointed out the problem. David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters that the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after went live on October 1. Hackers could steal personal information, modify data or attack the personal computers of the website's users, he said. They could also damage the infrastructure of the site, according to Kennedy, who is scheduled to describe his security concerns in testimony on Thursday before the House Science, Space and Technology Committee. "These issues are alarming," Kennedy said in an interview on Wednesday.

So who's telling the truth? The administration says's security functions just received a clean bill of health. Outside experts say more than 20 deficiencies haven't been addressed -- and that they raised red flags about these issues in early October. Indeed, private sector authorities, hackers, members of Congress, and even some Obamacare bureaucrats have been pounding the table on these "limitless risks" for months. But how bad could these enduring weaknesses really be? This bad:


"The site is fundamentally flawed in ways that make it dangerous to people who use it," said Kevin Johnson, one of the experts who reviewed Kennedy's findings. Johnson said that one of the most troubling issues was that a hacker could upload malicious code to the site, then attack other users. "You can take control of their computers," said Johnson, chief executive of a firm known as Secure Ideas and a teacher at the non-profit SANS Institute, the world's biggest organization that trains and certifies cyber security professionals. He declined to provide further details about that vulnerability, saying he was concerned the information could be used by malicious hackers to launch attacks...One security flaw that Kennedy first uncovered and reported to the government in October exposes information including a user's full name and email address. He said he wrote a short computer program in five minutes that automatically collects that data, which was able to import some 70,000 records in about four minutes. He said the information was accessible via the Internet and he did not have to hack the site to get it. He declined to elaborate.

He whipped up a rudimentary program in five minutes, let it run, and collected 70,000 records in the span of four minutes. But the government tells us everything is just fine. Tests were supposedly passed, after all. Many Americans will understandably trust the experts over the Obama administration, which has lied, dissembled and betrayed pledges over months of bumbling Obamacare incompetence. But if the data risks are so glaringly apparent, why haven't we seen a massive breach? Allahpundit reasons through three possible explanations: First, the site may appear to be vulnerable, but it's actually pretty secure. Re-read the last excerpt above and draw your own conclusions. Second, that the site is, in fact, vulnerable, but hackers don't want to cross the feds on something this big. But that's what hackers do. Some may be scared off by the world of hurt that would come crashing down on them if they get caught, but surely someone is willing to give Uncle Sam the finger and tap this treasure trove of personal data, right? Finally, he suggests that breaches have already occurred, we just haven't heard about them yet. Maybe the administration is suppressing information, or maybe they haven't even detected the problems. In any case, the lingering threat of identity theft will continue to hang over the Obamacare enrollment process like Damocles' sword -- and any forthcoming report about a big-time data exposure could deal yet another devastating blow to the program's tattered reputation.



Join the conversation as a VIP Member


Trending on Townhall Videos